Lucene search
K

889 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/04 3:30 p.m.5 views

CVE-2025-59785

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

5.3CVSS5.9AI score0.00189EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/04 3:30 p.m.5 views

CVE-2025-59785 API - Insufficient Input Validation

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

5.3CVSS5.9AI score0.00189EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/04 3:30 p.m.35 views

CVE-2025-59785 API - Insufficient Input Validation

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

5.3CVSS0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/03/04 3:30 p.m.14 views

CVE-2025-59785

CVE-2025-59785 affects 2N Access Commander, with affected versions prior to 3.4.3. The root cause is improper validation of an API endpoint in the product, which can allow bypassing the password policy used for backup file encryption. Exploitation requires administrator privileges (authenticated ...

7.2CVSS5.9AI score0.00189EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/04 3:19 p.m.4 views

CVE-2025-59783 OS Command Injection over API

API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...

8.8CVSS5.9AI score0.0086EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.5 views

PT-2026-22932

Name of the Vulnerable Software and Affected Versions 2N Access Commander versions prior to 3.4.3 Description A flaw exists in the validation of an API endpoint in 2N Access Commander that could allow an attacker to bypass the password policy for backup file encryption. Successful exploitation...

7.2CVSS5.9AI score0.00189EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.5 views

PT-2026-22396

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.2.0 Description Kiteworks Email Protection Gateway contains a flaw that allows authenticated administrators to inject malicious scripts through a configuration interface. These scripts execute when users interact...

8.1CVSS6AI score0.00331EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.4 views

CVE-2026-27461

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...

6.9CVSS5.4AI score0.00457EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/02/24 8:3 p.m.6 views

Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause

The filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Affected code in models/Dependency/Dao.php: - getFilterRequiresByPath lines 90, 95, 100 -...

6.9CVSS5.6AI score0.00457EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/02/24 4:15 a.m.8 views

CVE-2026-27461

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...

6.9CVSS0.00457EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/24 2:50 a.m.4 views

CVE-2026-27461

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...

6.9CVSS5.4AI score0.00457EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/02/24 2:50 a.m.5 views

CVE-2026-27461 Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...

6.9CVSS5.6AI score0.00457EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.9 views

PT-2026-21807

Name of the Vulnerable Software and Affected Versions GetSimpleCMS Community Edition version 3.3.16 Description GetSimpleCMS Community Edition version 3.3.16 has a stored cross-site scripting issue in the Theme to Components functionality within the components.php file. Input to the “slug” field ...

4.8CVSS4.8AI score0.00295EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/02/20 11:10 p.m.31 views

CVE-2026-27146 GetSimple CMS: Cross-Site Request Forgery (CSRF) in File Upload Allows Arbitrary Uploads

GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious web page that silently triggers a file upload request from an authenticated victim’s browser. The...

7.1CVSS0.00174EPSS
Exploits1References1
CVE
CVE
added 2026/02/19 4:36 a.m.16 views

CVE-2026-1047

CVE-2026-1047 concerns the WordPress salavat counter plugin (versions

4.4CVSS5.7AI score0.00297EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/19 1:28 a.m.6 views

CVE-2025-70062

PHPGurukul Hospital Management System v4.0 contains a Cross-Site Request Forgery CSRF vulnerability in the 'Add Doctor' module. The application fails to enforce CSRF token validation on the add-doctor.php endpoint. This allows remote attackers to create arbitrary Doctor accounts privileged users ...

6.5CVSS5.9AI score0.00173EPSS
Exploits1References1
OSV
OSV
added 2026/02/18 10:7 p.m.4 views

GHSA-93FX-G747-695X LibreNMS /port-groups name Stored Cross-Site Scripting

Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References6
OSV
OSV
added 2026/02/11 1:15 p.m.5 views

CVE-2025-66274

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

4.9CVSS5.8AI score0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/02/11 1:15 p.m.9 views

CVE-2025-58466

A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify control flow in unexpected ways. We have alread...

5.1CVSS0.00503EPSS
Exploits0References1
CVE
CVE
added 2026/02/09 8:53 p.m.14 views

CVE-2026-25878

FroshAdminer (Shopware Platform) vulnerable in versions prior to 2.2.1 where the Adminer UI at /admin/adminer was exposed without Shopware admin authentication due to auth_required=false and no session validation. This allowed unauthenticated access to the Adminer UI, with a potentially limited i...

6.9CVSS5.5AI score0.00362EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder